Translated:20140813 Linux FAQs with Answers--How to turn off server signature on Apache web server.md

sources/tech/20140813 Linux FAQs with Answers--How to turn off server signature on Apache web server.md

@@ -1,75 +0,0 @@
-Translating by GOLinux ...
-Linux FAQs with Answers--How to turn off server signature on Apache web server
-================================================================================
-> **Question**: Whenever Apache2 web server returns error pages (e.g., 404 not found, 403 access forbidden pages), it shows web server signature (e.g., Apache version number and operating system info) at the bottom of the pages. Also, when Apache2 web server serves any PHP pages, it reveals PHP version info. How can I turn off these web server signatures in Apache2 web server? 
-
-Revealing web server signature with server/PHP version info can be a security risk as you are essentially telling attackers known vulnerabilities of your system. Thus it is recommended you disable all web server signatures as part of server hardening process.
-
-![](https://farm4.staticflickr.com/3897/14902970545_c3d406322f_o.png)
-
-### Disable Apache Web Server Signature ###
-
-Disabling Apache web server signature can be achieved by editing Apache config file.
-
-On Debian, Ubuntu or Linux Mint:
-
-    $ sudo vi /etc/apache2/apache2.conf
-
-On CentOS, Fedora, RHEL or Arch Linux:
-
-    $ sudo vi /etc/httpd/conf/httpd.conf
-
-Add the following two lines at the end of Apache config file.
-
-> ServerSignature Off
-> 
-> ServerTokens Prod
-
-Then restart web server to activate the change:
-
-    $ sudo service apache2 restart (Debian, Ubuntu or Linux Mint)
-    $ sudo service httpd restart (CentOS/RHEL 6)
-    $ sudo systemctl restart httpd.service (Fedora, CentOS/RHEL 7, Arch Linux)
-
-The first line 'ServerSignature Off' makes Apache2 web server hide Apache version info on any error pages.
-
-![](https://farm6.staticflickr.com/5556/14879982016_7c7b8bbf3d_o.png)
-
-However, without the second line 'ServerTokens Prod', Apache server will still include a detailed server token in HTTP response headers, which reveals Apache version number.
-
-![](https://farm4.staticflickr.com/3889/14902970535_e84ec23090_z.jpg)
-
-What the second line '**ServerTokens Prod**' does is to suppress a server token in HTTP response headers to a bare minimal.
-
-So with both lines in place, Apache will not reveal Apache version info in either web pages or HTTP response headers.
-
-![](https://farm4.staticflickr.com/3902/14902970505_d79225f25d_z.jpg)
-
-### Hide PHP Version ###
-
-Another potential security threat is PHP version info leak in HTTP response headers. By default, Apache web server includes PHP version info via "X-Powered-By" field in HTTP response headers. If you want to hide PHP version in HTTP headers, open php.ini file with a text editor, look for "expose_php = On", and change it to "expose_php = Off".
-
-![](https://farm4.staticflickr.com/3853/14899917981_aaef71eb0a.jpg)
-
-On Debian, Ubuntu, or Linux Mint:
-
-    $ sudo vi /etc/php5/apache2/php.ini
-
-On CentOS, Fedora, RHEL or Arch Linux:
-
-    $ sudo vi /etc/php.ini
-
-> expose_php = Off
-
-Finally, restart Apache2 web server to reload updated PHP config file.
-
-Now you will no longer see "X-Powered-By" field in HTTP response headers.
-
---------------------------------------------------------------------------------
-
-via: http://ask.xmodulo.com/turn-off-server-signature-apache-web-server.html
-
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出

translated/tech/20140813 Linux FAQs with Answers--How to turn off server signature on Apache web server.md

@@ -0,0 +1,74 @@
+Linux常见问题与答案——如何在Apache网站服务器上关闭服务器签名
+================================================================================
+>**问题**：每当Apache2网站服务器返回错误页时（如，404 页面无法找到，403 禁止访问页面），它会在页面底部显示网站服务器签名（如，Apache版本号和操作系统信息）。同时，当Apache2网站服务器为PHP页面服务时，它也会显示PHP的版本信息。我如何在Apache2网站服务器上关闭这些网站服务器签名？
+
+透露网站服务器带有服务器/PHP版本信息的签名会带来安全隐患，因为你基本上将你系统上的已知漏洞告诉给了攻击者。因此，作为服务器加固的一个部分，强烈推荐你禁用所有网站服务器签名。
+
+![](https://farm4.staticflickr.com/3897/14902970545_c3d406322f_o.png)
+
+### 禁用Apache网站服务器签名 ###
+
+禁用Apache网站服务器签名可以通过编辑Apache配置文件来实现。
+
+在Debian，Ubunt或者Linux Mint上：
+
+    $ sudo vi /etc/apache2/apache2.conf
+
+在CentOS，Fedora，RHEL或者Arch Linux上：
+
+    $ sudo vi /etc/httpd/conf/httpd.conf
+
+将下面两行添加到Apache配置文件底部。
+
+> ServerSignature Off
+> 
+> ServerTokens Prod
+
+然后重启网站服务器以使修改生效：
+
+    $ sudo service apache2 restart (Debian, Ubuntu or Linux Mint)
+    $ sudo service httpd restart (CentOS/RHEL 6)
+    $ sudo systemctl restart httpd.service (Fedora, CentOS/RHEL 7, Arch Linux)
+
+第一行‘ServerSignature Off’使得Apache2网站服务器在所有错误页面上隐藏Apache版本信息。
+
+![](https://farm6.staticflickr.com/5556/14879982016_7c7b8bbf3d_o.png)
+
+然而，没有第二行的‘ServerTokens Prod’，Apache服务器将仍然在HTTP回应头部包含详细的服务器标记，这会泄漏Apache的版本号。
+
+![](https://farm4.staticflickr.com/3889/14902970535_e84ec23090_z.jpg)
+
+第二行‘**ServerTokens Prod**’所要做的是在HTTP回应头中将服务器标记压缩到最小。
+
+因此，同时放置两行时，Apache将不会在页面中或者HTTP回应头中泄漏版本信息。
+
+![](https://farm4.staticflickr.com/3902/14902970505_d79225f25d_z.jpg)
+
+### 隐藏PHP版本 ###
+
+另外一个潜在的安全威胁是HTTP回应头中的PHP版本信息泄漏。默认情况下，Apache网站服务器通过HTTP回应头中的“X-Powered-By”字段包含有PHP版本信息。如果你想要在HTTP头部中隐藏PHP版本，请使用文本编辑器打开php.ini文件，找到“expose_php = On”这一行，将它改为“expose_php = Off”即可。
+
+![](https://farm4.staticflickr.com/3853/14899917981_aaef71eb0a.jpg)
+
+在Debian，Ubunt或者Linux Mint上：
+
+    $ sudo vi /etc/php5/apache2/php.ini
+
+在CentOS，Fedora，RHEL或者Arch Linux上：
+
+    $ sudo vi /etc/php.ini
+
+> expose_php = Off
+
+最后，重启Apache2网站服务器以重新加载更新的PHP配置文件。
+
+现在，你不会再看到带有“X-Powered-By”字段的HTTP回应头部了。
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/turn-off-server-signature-apache-web-server.html
+
+译者：[GOLinux](https://github.com/GOLinux)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出